<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Upgrade iRedMail from 1.6.1 (or 1.6.2) to 1.6.3</title>
        <link rel="stylesheet" type="text/css" href="./css/markdown.css" />
    </head>
    <body>

    <div id="navigation">
    <a href="https://www.iredmail.org" target="_blank">
        <img alt="iRedMail web site"
             src="./images/logo-iredmail.png"
             style="vertical-align: middle; height: 30px;"
             />&nbsp;
        <span>iRedMail</span>
    </a>
    &nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="upgrade-iredmail-from-161-or-162-to-163">Upgrade iRedMail from 1.6.1 (or 1.6.2) to 1.6.3</h1>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Check out the on-premises, lightweight email archiving software developed by iRedMail team: <a href="https://spiderd.io/">Spider Email Archiver</a>.</p>
</div>
<div class="toc">
<ul>
<li><a href="#upgrade-iredmail-from-161-or-162-to-163">Upgrade iRedMail from 1.6.1 (or 1.6.2) to 1.6.3</a><ul>
<li><a href="#changelog">ChangeLog</a></li>
<li><a href="#general-all-backends-should-apply-these-changes">General (All backends should apply these changes)</a><ul>
<li><a href="#update-etciredmail-release-with-new-iredmail-version-number">Update /etc/iredmail-release with new iRedMail version number</a></li>
<li><a href="#disable-tlsv1-and-tlsv11-in-postfix">Disable TLSv1 and TLSv1.1 in Postfix</a></li>
<li><a href="#upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release-53">Upgrade iRedAPD (Postfix policy server) to the latest stable release (5.3)</a></li>
<li><a href="#upgrade-iredadmin-open-source-edition-to-the-latest-stable-release-23">Upgrade iRedAdmin (open source edition) to the latest stable release (2.3)</a></li>
<li><a href="#upgrade-roundcube-webmail-to-the-latest-stable-release-161-warning-therere-breaking-changes">Upgrade Roundcube webmail to the latest stable release (1.6.1). WARNING: There're breaking changes.</a></li>
<li><a href="#upgrade-netdata-to-the-latest-stable-release-1391">Upgrade netdata to the latest stable release (1.39.1)</a></li>
</ul>
</li>
<li><a href="#for-mysqlmariadb-backends">For MySQL/MariaDB backends</a><ul>
<li><a href="#add-missing-index-for-sql-column-forwardingsforwarding">Add missing index for SQL column forwardings.forwarding</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="admonition note">
<p class="admonition-title">Remote Upgrade Assistance</p>
<p>Check out our <a href="https://www.iredmail.org/support.html">remote upgrade support</a> if you need assistance.</p>
</div>
<h2 id="changelog">ChangeLog</h2>
<ul>
<li>May 24, 2023: Mention breaking changes between Roundcube 1.5.x and 1.6.x.</li>
<li>May 23, 2023: initial publish.</li>
</ul>
<h2 id="general-all-backends-should-apply-these-changes">General (All backends should apply these changes)</h2>
<h3 id="update-etciredmail-release-with-new-iredmail-version-number">Update <code>/etc/iredmail-release</code> with new iRedMail version number</h3>
<p>iRedMail stores the release version in <code>/etc/iredmail-release</code> after
installation, it's recommended to update this file after you upgraded iRedMail,
so that you can know which version of iRedMail you're running. For example:</p>
<pre><code>1.6.3
</code></pre>
<h3 id="disable-tlsv1-and-tlsv11-in-postfix">Disable TLSv1 and TLSv1.1 in Postfix</h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<ul>
<li>TLS 1.0 and 1.1 are vulnerable to downgrade attacks since they rely on
  SHA-1 hash for the integrity of exchanged messages.</li>
<li>TLS 1.1 was deprecated in March 2021.</li>
</ul>
</div>
<div class="admonition warning">
<p class="admonition-title">WARNING: CentOS 7</p>
<p>Do not apply this on <strong>CentOS 7</strong>, because TLSv1 is still required by
Roundcube with old PHP 5.4. You should consider upgrade CentOS to at least
CentOS Stream 8 or Rocky Linux 8, or AlmaLinux 8 as soon as possible.</p>
</div>
<p>Run shell commands below as root user to disable TLSv1 and TLSv1.1 for SMTP service:</p>
<pre><code>postconf -e smtpd_tls_protocols='!SSLv2 !SSLv3 !TLSv1 !TLSv1.1'
postconf -e smtpd_tls_mandatory_protocols='!SSLv2 !SSLv3 !TLSv1 !TLSv1.1'
postconf -e smtp_tls_protocols='!SSLv2 !SSLv3 !TLSv1 !TLSv1.1'
postconf -e smtp_tls_mandatory_protocols='!SSLv2 !SSLv3 !TLSv1 !TLSv1.1'
postconf -e lmtp_tls_protocols='!SSLv2 !SSLv3 !TLSv1 !TLSv1.1'
postconf -e lmtp_tls_mandatory_protocols='!SSLv2 !SSLv3 !TLSv1 !TLSv1.1'
postfix reload
</code></pre>
<h3 id="upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release-53">Upgrade iRedAPD (Postfix policy server) to the latest stable release (5.3)</h3>
<p>Please follow below tutorial to upgrade iRedAPD to the latest stable release:
<a href="./upgrade.iredapd.html">Upgrade iRedAPD to the latest stable release</a></p>
<h3 id="upgrade-iredadmin-open-source-edition-to-the-latest-stable-release-23">Upgrade iRedAdmin (open source edition) to the latest stable release (2.3)</h3>
<p>Please follow below tutorial to upgrade iRedAdmin to the latest stable release:
<a href="./migrate.or.upgrade.iredadmin.html">Upgrade iRedAdmin to the latest stable release</a>.</p>
<h3 id="upgrade-roundcube-webmail-to-the-latest-stable-release-161-warning-therere-breaking-changes">Upgrade Roundcube webmail to the latest stable release (1.6.1). WARNING: There're breaking changes.</h3>
<div class="admonition warning">
<p class="admonition-title">CentOS 7: please stick to Roundcube 1.5.2</p>
<p>If you're running CentOS 7, please upgrade to Roundcube 1.5.2 instead.
Roundcube 1.5.3 requires PHP-7, but CentOS 7 ships PHP-5.4 which is not
supported by Roundcube 1.5.3 (and the latest 1.6.0).</p>
<p>It's time to leave your comfort zone and upgrade this server to CentOS
Stream 8 or <a href="https://docs.rockylinux.org/guides/migrate2rocky/">Rocky Linux 8</a>.</p>
</div>
<div class="admonition warning">
<p class="admonition-title">Ubuntu 18.04: please stick to Roundcube 1.5.x</p>
<p>Ubuntu 18.04 runs old php version, v1.5.x contains the security fix too.
Please consider upgrading your OS to 20.04 LTS as soon as possible.</p>
</div>
<div class="admonition warning">
<p class="admonition-title">PHP Version</p>
<p>Roundcube 1.6.x requires PHP 7.3 or later releases.</p>
</div>
<p>Please follow Roundcube official tutorial to upgrade Roundcube webmail to the
latest stable release:</p>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Please remove file <code>/opt/www/roundcubemail/composer.json</code> before upgrade.</p>
</div>
<ul>
<li><a href="https://github.com/roundcube/roundcubemail/wiki/Upgrade">How to upgrade Roundcube</a>.</li>
</ul>
<p>Few changes  are required if you upgrade from Roundcube 1.5.x or earlier to 1.6.x:</p>
<ul>
<li>Main config file <code>/opt/www/roundcubemail/config/config.inc.php</code>:<ul>
<li>Remove (or comment out) <code>smtp_server</code> and <code>smtp_port</code> parameters, add new
  parameter <code>smtp_host</code>.</li>
<li>Remove (or comment out) <code>default_host</code> and <code>default_port</code>, add <code>imap_host</code>.</li>
<li>Set <code>auto_create_user</code> to <code>true</code> (default value is <code>false</code>). Otherwise newly
  created mail users can not login to Roundcube.</li>
</ul>
</li>
</ul>
<pre><code>$config[&quot;smtp_host&quot;] = &quot;tls://127.0.0.1:587&quot;;
$config[&quot;imap_host&quot;] = &quot;tls://127.0.0.1:143&quot;;
$config['auto_create_user'] = true;
</code></pre>
<ul>
<li>Plugin <code>managesieve</code> config file <code>/opt/www/roundcubemail/plugins/managesieve/config.inc.php</code>:<ul>
<li>Remove (or comment out) <code>managesieve_port</code> and <code>managesieve_usetls</code>,
  add new parameter <code>managesieve_host</code>.</li>
</ul>
</li>
</ul>
<pre><code>$config[&quot;managesieve_host&quot;] = &quot;tls://127.0.0.1:4190&quot;;
</code></pre>
<h3 id="upgrade-netdata-to-the-latest-stable-release-1391">Upgrade netdata to the latest stable release (1.39.1)</h3>
<p>If you have netdata installed, you can upgrade it by following this tutorial:
<a href="./upgrade.netdata.html">Upgrade netdata</a>.</p>
<h2 id="for-mysqlmariadb-backends">For MySQL/MariaDB backends</h2>
<h3 id="add-missing-index-for-sql-column-forwardingsforwarding">Add missing index for SQL column <code>forwardings.forwarding</code></h3>
<p>Please run shell commands below as <code>root</code> user to add missing SQL index:</p>
<pre><code>mysql vmail -e &quot;ALTER TABLE forwardings ADD INDEX forwarding (forwarding);&quot;
</code></pre><div class="footer">
    <p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>